Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/modules/members
History
Jonathan Druart 1d0d5f1398 Bug 17365: Fix XSS in moremember.pl and memberentry.pl 
There are certainly hundred of places where they are not escaped...

Test plan:
Create a patron with "Arun <script>alert('code injection');</script>" in
some of the fields.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 16:19:56 +00:00
..
tables Bug 16752 - Remove the use of event attributes from some acquisitions templates - Funds 2016-09-15 13:56:42 +00:00
boraccount.tt Bug 16888: Add Font Awesome Icons to Members 2016-07-15 18:02:48 +00:00
deletemem.tt Bug 17097: here the var is 'member', not 'borrowernumber' 2016-08-18 15:55:24 +00:00
discharge.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
discharges.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
files.tt
mancredit.tt
maninvoice.tt
member-flags.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
member-password.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
member.tt Bug 15758: Koha::Libraries - Remove GetBranchesLoop 2016-09-08 14:36:02 +00:00
memberentrygen.tt Bug 17365: Fix XSS in moremember.pl and memberentry.pl 2016-10-11 16:19:56 +00:00
members-update.tt Bug 16990: Display branch names instead of code in patron mod requests 2016-09-02 14:44:03 +00:00
moremember-brief.tt Bug 17312 - Typo in members-toolbar.inc / moremember-brief.tt / moremember.tt 2016-09-25 13:51:56 +00:00
moremember-print.tt Bug 17100: Restore previous logic 2016-08-18 16:14:28 +00:00
moremember-receipt.tt Bug 16218: printfeercpt.tt (and others) does not include jQuery 2016-04-29 14:14:54 +00:00
moremember.tt Bug 17365: Fix XSS in moremember.pl and memberentry.pl 2016-10-11 16:19:56 +00:00
nl-search.tt
notices.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
pay.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
paycollect.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
printfeercpt.tt Bug 16218: printfeercpt.tt (and others) does not include jQuery 2016-04-29 14:14:54 +00:00
printinvoice.tt Bug 16241 - Move staff client CSS out of language directory 2016-04-29 13:54:37 +00:00
purchase-suggestions.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
readingrec.tt Bug 16478: Fix checkout history tabs - intranet 2016-05-23 17:22:04 +00:00
routing-lists.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
statistics.tt Bug 15758: Koha::Libraries - Remove GetBranchName 2016-09-08 14:36:01 +00:00
update-child.tt Bug 15407: Koha::Patron::Categories - replace GetborCatFromCatType 2016-09-08 13:29:22 +00:00